Re: Bad certificate on planet.pidgin.im

[Ethan Blanton]

Not to reopen a stale topic, but ...

[snip FUD re: letsencrypt]

Let's Encrypt policies and outlook have been well covered by the EFF,
which was instrumental in making it happen.  I believe it is now
accepted by all major browsers and operating systems.  It's a fine
solution.  It's not the one we use for most of our services.  It may
be one we use going forward, Gary really likes it.

Ethan

___
Support@pidgin.im mailing list
Want to unsubscribe?  Use this link:
https://pidgin.im/cgi-bin/mailman/listinfo/support

Re: Bad certificate on planet.pidgin.im

[David Woolley]

On 07/09/16 00:07, A wrote:

Just as a quick point of note for anyone that might benefit.

I happen to be working certs right now myself.  I discovered
letsencrypt.org a free certificate authority.  Pretty nifty. That's all
we know. ;)



Anyone with the ability to understand the OpenSSL documentation, which 
presumably includes all the Pidgin developers, can become a free 
certificate authority.  The difficulty is convincing browser and 
operating system suppliers that you are actually checking the identity 
of the people requesting the certificates properly, and, for Microsoft, 
probably paying them a fee for inclusion.


Certificates aren't necessary for encryption; they are necessary to be 
sure that the encrypted channel is going directly to the organisation to 
which you think it is going without a man in the middle being able to 
decrypt and re-encrypt it.


cacert.org is a much longer established free certificate authority, but 
they are still not included in Microsoft systems.  letsencrypt get into 
Microsoft software because they are a second level authority, although 
that begs the question as to why Microsoft should allow that, for a 
public second level authority.


Whereas cacert document their trust model up front, I couldn't see 
anything explaining the trust model for letsencrypt on a quick scan of 
their site.


___
Support@pidgin.im mailing list
Want to unsubscribe?  Use this link:
https://pidgin.im/cgi-bin/mailman/listinfo/support

Re: Bad certificate on planet.pidgin.im

[A]

Just as a quick point of note for anyone that might benefit.

I happen to be working certs right now myself.  I discovered 
letsencrypt.org a free certificate authority.  Pretty nifty. That's all 
we know. ;)



On 09/06/2016 12:46 PM, Gary Kramlich wrote:

Hopefully sooner than weeks, but yeah it's on my radar, it was
supposed to happen already, but I got side tracked with something
else.  Sorry.

On Tue, Sep 6, 2016 at 2:17 PM, Eion Robb  wrote:

Hi there,

I believe Gary is working on this and might have it resolved in a few weeks.

Cheers,
Eion


On 7/09/2016 05:23,  wrote:

I cannot view the Pidgin news.

Instead I get an error message stating:

The owner of planet.pidgin.im has configured their website improperly. To
protect your information from being stolen, Firefox has not connected to
this website.

This site uses HTTP Strict Transport Security (HSTS) to specify that
Firefox only connect to it securely. As a result, it is not possible to add
an exception for this certificate.

planet.pidgin.im uses an invalid security certificate.
The certificate is only valid for the following names: www.pidgin.im,
pidgin.im, hg.pidgin.im
Error code: SSL_ERROR_BAD_CERT_DOMAIN

Can this be fixed?

___
Support@pidgin.im mailing list
Want to unsubscribe?  Use this link:
https://pidgin.im/cgi-bin/mailman/listinfo/support





___
Support@pidgin.im mailing list
Want to unsubscribe?  Use this link:
https://pidgin.im/cgi-bin/mailman/listinfo/support

Re: Bad certificate on planet.pidgin.im

[Gary Kramlich]

Hopefully sooner than weeks, but yeah it's on my radar, it was
supposed to happen already, but I got side tracked with something
else.  Sorry.

On Tue, Sep 6, 2016 at 2:17 PM, Eion Robb  wrote:
> Hi there,
>
> I believe Gary is working on this and might have it resolved in a few weeks.
>
> Cheers,
> Eion
>
>
> On 7/09/2016 05:23,  wrote:
>>
>> I cannot view the Pidgin news.
>>
>> Instead I get an error message stating:
>>
>> The owner of planet.pidgin.im has configured their website improperly. To
>> protect your information from being stolen, Firefox has not connected to
>> this website.
>>
>> This site uses HTTP Strict Transport Security (HSTS) to specify that
>> Firefox only connect to it securely. As a result, it is not possible to add
>> an exception for this certificate.
>>
>> planet.pidgin.im uses an invalid security certificate.
>> The certificate is only valid for the following names: www.pidgin.im,
>> pidgin.im, hg.pidgin.im
>> Error code: SSL_ERROR_BAD_CERT_DOMAIN
>>
>> Can this be fixed?
>>
>> ___
>> Support@pidgin.im mailing list
>> Want to unsubscribe?  Use this link:
>> https://pidgin.im/cgi-bin/mailman/listinfo/support



-- 
Thanks,

--
Gary Kramlich 

___
Support@pidgin.im mailing list
Want to unsubscribe?  Use this link:
https://pidgin.im/cgi-bin/mailman/listinfo/support

Re: Bad certificate on planet.pidgin.im

[Eion Robb]

Hi there,

I believe Gary is working on this and might have it resolved in a few
weeks.

Cheers,
Eion

On 7/09/2016 05:23,  wrote:

> I cannot view the Pidgin news.
>
> Instead I get an error message stating:
>
> The owner of planet.pidgin.im has configured their website improperly. To
> protect your information from being stolen, Firefox has not connected to
> this website.
>
> This site uses HTTP Strict Transport Security (HSTS) to specify that
> Firefox only connect to it securely. As a result, it is not possible to add
> an exception for this certificate.
>
> planet.pidgin.im uses an invalid security certificate.
> The certificate is only valid for the following names: www.pidgin.im,
> pidgin.im, hg.pidgin.im
> Error code: SSL_ERROR_BAD_CERT_DOMAIN
>
> Can this be fixed?
>
> ___
> Support@pidgin.im mailing list
> Want to unsubscribe?  Use this link:
> https://pidgin.im/cgi-bin/mailman/listinfo/support
___
Support@pidgin.im mailing list
Want to unsubscribe?  Use this link:
https://pidgin.im/cgi-bin/mailman/listinfo/support